A data breach at the dog-walking app Wag left addresses and lockbox codes publicly exposed online, an incident that could have led to break-ins or, more troublingly, dog-nappings. In some cases, the exposed data also included detailed information about where a dog would be in a customer’s home.

The Wall Street Journal reports that it found the information on Wag’s website without any password protection. Reporters saw records belonging to around 100 customers, but apparently, the records continued to refresh and change over time, so more could have been exposed. Here’s how the Journal explains it:

That was on one day, on a subset of the pages, and the records on those pages appeared to be replaced with different ones every day or two, meaning the total number of customers potentially exposed could be much larger.

Advertisement

Wag said that it is notifying customers whose information was included in the breach, which it attributed to a software glitch. “Given our investigation to date, we have no reason to believe this information was misused,” a Wag spokesperson said. The company took down the exposed data late last week.